On Jan 2, 2008, at 2:40 AM, Marco Marongiu wrote:
Hello there, and happy new year wherever you are! We have a service that (just now) they say can't handle more than 10 connections per second. And they can't change it.On the other side there is a service consumer that is multi- istanciated, multi-threaded and batch-oriented. And when the batch starts it tries toopen far more than 10 connections per second. ...I'll keep researching about that, but if in the meanwhile someone couldpoint us to a reverse proxy that can do that -or even a completely different solution that I didn't consider-, that could be great.
I hate recommending things I haven't tried, but, one thing you might look into is pf's max-src-conn-rate. It is designed to throttle connections that exceed connections/time. The limited documentation is here:
http://www.openbsd.org/faq/pf/filter.html (scroll down to Stateful Tracking Options)
There is also the just-released "The Book of PF" from No Starch Press which has a couple pages on using max-src-conn-rate.
pf requires a recent *BSD. One application might be a bridge in front of your application server(s) that just limits the connection rate.
HTH, Tony Tony Del Porto SysAdmin USENIX Association 2560 9th Street, Suite 215, Berkeley CA 94710 510 528 8649 x16 desk | 510 932 3393 mobile tony@xxxxxxxxxx | www.usenix.org | www.sage.org http://www.usenix.org/about/tonyd.gpgkey